Does Windows 2000 support EFS
The operating system simply creates a new entry in the folder's directory table and removes the old entry from the folder it had been in. Copying involves creating a new file and creating a new entry in the directory table of the folder.
Moving only involves creating a new directory entry and deleting the old directory entry. Moving or copying EFS files to another file system removes the encryption. Backing up an encrypted file or folder will maintain the contents in their original encrypted form. The restored files can be successfully opened if you use the Certificate Export wizard and the Certificate Import wizard to transfer your certificate and private key to your user profile on the new computer.
Changing the name of an encrypted file or folder has no effect on the nature of its contents; it stays as is, and only the directory entry changes. EFS files accessed remotely will be decrypted by the OS and transmitted across the network in plaintext. EFS files are transparently decrypted when accessed by authorized personnel and held in the system cache, and are potentially recoverable from the system cache if it is not cleared at shutdown.
Do not encrypt files when logged in as local administrator. EFS recovery is compromised since the creator and the recovery agent are the same account. This does not apply if you have changed the default recovery agent. Normally there is only one, issued by and to Administrator, with the Intended Purposes column reading File Recovery.
Click Next. Choose a file to export the certificate to; for max security, save to a floppy and store it securely. Click Next. Click Finish to export the certificate. Organizations need policies to ensure that EFS is used properly and safely.
If the HD fails or is reformatted, or if Windows is reinstalled, these keys will also be lost. If the user's keys are corrupt or lost in a standalone workstation, you are out of luck. In addition, EFS does nothing to encrypt network traffic, so when a user accesses encrypted files from a server or transfers encrypted files from his workstation to another computer, those files are sent unencrypted across the network and are therefore subject to the same security risks as unencrypted files.
If you need the highest possible security for your data and added security for network transfers, implement a network encryption mechanism such as IPSec in addition to EFS. Using a unique encryption key for each file provides an excellent level of security and makes it extremely difficult to break the encryption on an entire volume or even a single folder.
Brute force attempts would eventually succeed on a single file, but the time required to decrypt a large amount of data would be impractically large. You should also configure policies to prevent the last logon account from appearing in the logon dialog box, which would otherwise give the thief a significant leg up on cracking into the system.
Out of the box, Windows provides the ability to encrypt and decrypt files. EFS automatically generates a bulk symmetric encryption key and encrypts the file using that key. The DRF can contain data for multiple recovery agents. Each time EFS saves the file, it generates a new DRF using the current recovery agent list, which is based on the recovery policy.
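The per-file key and DRF behaviour described above, and the earlier warning about the creator and the recovery agent being the same account, can be seen in a small model. This is an added example, not Microsoft's code or code from the original page: `Principal`, `efs_save`, `efs_open` and the account names are hypothetical, "DDF" is the usual EFS name for the owner's wrapped key (the page names only the DRF), and the public-key wrapping EFS performs is replaced by a symmetric stand-in so the model runs with the standard library alone.

```python
import hashlib
import os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); not the algorithm EFS uses."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def _seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, data)

def _unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])

class Principal:
    """Hypothetical account; .key stands in for its EFS key pair."""
    def __init__(self, name: str):
        self.name, self.key = name, os.urandom(32)

def efs_save(owner, plaintext, recovery_agents, existing=None):
    # One bulk key (FEK) per file, kept across saves of that file.
    fek = _unseal(owner.key, existing["ddf"][owner.name]) if existing else os.urandom(32)
    return {
        "data": _seal(fek, plaintext),
        "ddf": {owner.name: _seal(owner.key, fek)},  # owner's wrapped FEK
        # The DRF is rebuilt on every save from the current recovery agent list.
        "drf": {a.name: _seal(a.key, fek) for a in recovery_agents},
    }

def efs_open(who, f):
    blob = f["ddf"].get(who.name) or f["drf"].get(who.name)
    if blob is None:
        raise PermissionError(f"{who.name} holds no wrapped key for this file")
    return _unseal(_unseal(who.key, blob), f["data"])

def has_independent_recovery(f) -> bool:
    # False when every recovery agent is also the file's creator.
    return bool(set(f["drf"]) - set(f["ddf"]))

def demo():
    alice, admin, agent2 = Principal("alice"), Principal("Administrator"), Principal("agent2")
    f = efs_save(alice, b"payroll", [admin])
    via_default_agent = efs_open(admin, f)  # default agent can recover
    f2 = efs_save(alice, b"payroll v2", [agent2], existing=f)  # policy changed, file re-saved
    risky = efs_save(admin, b"notes", [admin])  # creator is also the only agent
    return via_default_agent, efs_open(agent2, f2), "Administrator" in f2["drf"], has_independent_recovery(risky)
```

In the model, a file saved by Administrator with Administrator as the only recovery agent has no second key holder, so losing that one key loses the file.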
Encryption and decryption are transparent to the user and happen automatically as the file is read from and written to the disk. However, when you look at things like EFS, you quickly discover that Microsoft has included security features in Windows that make it more secure than one might expect.
To set the Encryption attribute on a folder, right-click the folder and choose Properties. Windows displays a dialog box asking if you want to apply the change to the folder only or to the folder and all subfolders and files. Click OK to apply the change. All you need to do now is create files in that folder, and they will be encrypted.
To decrypt the file and work with it, just open it in its parent application. If you encrypt a folder, the folder will no longer be compressed and the same is true for individual files. If you compress an encrypted folder, it will no longer be encrypted. So, you can encrypt a folder or compress it, but not both. When you click OK, Windows asks if you want to apply the change only to the folder or to the child objects as well. If you apply the change only to the folder, any items already encrypted in the folder remain encrypted, but new items you add are not encrypted.
If you choose to apply the change to all child objects, all child objects are decrypted. For example, you might need to incorporate encryption or decryption tasks in a batch file or even a logon script. This option sets the encryption attribute for the folder. This clears the encryption attribute, and new files are not encrypted, but existing encrypted child objects are unaffected.
Objects already encrypted are skipped by default. All other options are ignored if any are specified in conjunction with this switch. Use the CIPHER command without any parameters or switches to view the current encryption state of files in the current folder or in the folder specified by the pathname parameter.
Copy a compressed file to an uncompressed folder, for example, and the copy of the file is not compressed. Encryption works similarly with a few differences.